The Changing Game of Cyber Defense

Raytheon hosts top security experts Panetta, Ridge, Chopra

It was an elegant setting and the perfect occasion for a serious talk about cyber defense.

On the parklands of the Presidio in San Francisco – a former military base in the shadow of the Golden Gate Bridge, with a history dating to 1776 – Raytheon brought together some of the nation’s top authorities on security and technology: former Secretary of Defense Leon Panetta, who also served as CIA director and as chief of staff to President Clinton; Tom Ridge, the nation’s first secretary of homeland security and a former governor of Pennsylvania; and Aneesh Chopra, author and former chief technology officer for President Obama.

“I commend Raytheon because of all the great work they did and continue to do for the defense of this country,” Panetta said. “I always said that cyber is the battlefield of the future…This is an important fight and we’re going to have to engage in it together. We literally could have an enemy cripple this country with a cyber attack.”

Panetta, Chopra and Ridge made no bones about the importance of cybersecurity, urging the event crowd of about 200 digital security professionals to spread the word. “The challenge we have in this country is to appreciate that cyber is a huge risk,” said Ridge. “You have to manage it.”

The Raytheon panel discussion was held as San Francisco hosted the week-long RSA Security Conference, an annual meeting that draws nearly 30,000 IT security professionals. As the conference began, Raytheon announced its agreement with Vista Equity Partners for a joint venture that will bring defense-grade cybersecurity products to the commercial market.

Raytheon will invest $1.57 billion for an 80 percent stake in the new company, which will combine Websense, one of Vista’s portfolio companies, with Raytheon Cyber Products, a unit of Raytheon’s Intelligence, Information and Services business.

“The market for advanced cyber solutions that protect and defend global industry and infrastructure is rapidly growing due to the sophisticated threats posed by well-funded, nation-state adversaries and criminal networks,” said Raytheon Chairman and CEO Thomas A. Kennedy. “The new joint venture will combine Raytheon Cyber Products and Websense capabilities to deliver the advanced, defense-grade technology solutions needed to meet this evolving threat.”

The global reach of cyber attackers has heightened the need for an enterprise combining the sophistication of defense contractor Raytheon’s cyber products with the Websense presence in commercial markets, according to David C. Wajsgras, president of Raytheon’s Intelligence, Information and Services business, who introduced the panelists.

“We believe with great certainty that we are going to change the game when it comes to cybersecurity,” he said.

Panel members stressed that cybersecurity must become a strategic priority for corporate leaders.

“Economic growth will be increasingly built on digital assets,” said Chopra, who called for government and businesses to develop standards of cyber protection. “With this emerging capacity, we need rules of the road that allow us to both open up and lock down (online activity).”

Ridge said cybersecurity must be built into the business strategies of organizations. “The most important element in building a cyber-resistant enterprise is the leadership. It has to come from the top down,” he said. “The CEO and the board have to understand that they are at risk. You better presume you’ve been hacked and hope like hell you haven’t.”

Panetta said he worries it will take a disastrous attack to get leaders to take cybersecurity seriously enough. “In a democracy, we govern either by leadership or by crisis,” he said. “If leadership is there, we can confront the crisis and manage it. If leadership is not there, you’re managing by crisis.

“That’s why it has to be lifted up to the level of the CEO and the board of directors. Until we are able to raise that level of awareness, we’re going to wait until crisis drives the process.”

Ridge noted that with governments sponsoring cyber attack operations, the threat has become much larger and longer-lasting than it was in the day of individual hackers. “The nation-state has a lot more time than the hacktivists or the criminals,” he said. "(We) have watches. They have time.”

The development of the Internet of Things – the trend for appliances and other devices to be connected and controlled online – has created new dimensions to the cyber threat. “A professor told me, ‘I was able to send a kill command to an implantable medical device,’” Chopra said. “As the Internet of Things enables a lot of our infrastructure, how many connected devices are going to enable our lives – and create risk?”

All three panelists agreed that developing trained cyber professionals will be of critical importance for cyber defenses. “That’s going to be real tough for the government,” Ridge added, “because Raytheon’s going to hire them all.”